I challenged Seccon Beginners ctf 2020 again this year. Well, I couldn't solve it, but I could solve only one question by myself, so I will write Write UP.
mask The difficulty level is "beginner". When you answer the zip file in question, you will see a file called mask. This will be analyzed.
First of all, what is this? So, if you look it up using the file
command
$ file mask
mask: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=49166a467aee16fbfe167daf372d3263837b4887, for GNU/Linux 3.2.0, not stripped
So you can see that it is a Linux executable file.
So, if you try it for the time being
$ ./mask
Usage: ./mask [FLAG]
It seems that you should suddenly add FLAG.
So, I used commands summarized last year to investigate. First, try using `` `strings```. (As a result, this time alone managed to do it)
$ strings mask
/lib64/ld-linux-x86-64.so.2
7-2c
libc.so.6
strcpy
puts
__stack_chk_fail
strlen
__cxa_finalize
--Omitted ---
It comes out like this. I wish I had the string ** ctf4g {hogehoge} ** in it, but it's not that easy.
FLAG is ** ctf4g {hogehote} **. So let's put it in properly.
$ ./mask ctf4b{hogehoge}
Putting on masks...
atd4`q`eee`eeeu
c`b bkhkcahkcai
Wrong FLAG. Try again.
I get angry when I am wrong like this. No matter how many times you do this, the same wording will come out. Therefore,
$ ./mask abcdefghijklmnopqrstuvwxyz
Putting on masks...
a`adede`a`adedepqpqtutupqp
abc`abchijkhijk`abc`abchij
Wrong FLAG. Try again.
If you try, you can see that the positions of "c", "t", "f" are "ac", "t`", "db" at the top and bottom. Similarly, try entering English capital letters and "{}".
$ ./mask ABCDEFGHIJKLMNOPQRSTUVWXYZ
Putting on masks...
A@ADEDE@A@ADEDEPQPQTUTUPQP
ABC@ABCHIJKHIJK@ABC@ABCHIJ
Wrong FLAG. Try again.
$ ./mask {}
Putting on masks...
qu
ki
Wrong FLAG. Try again.
It turned out to be.
Now, once again, I checked the output of `` `strings``` for any strings encoded with" ctf4b {".
$ strings ./mask | grep atd
atd4`qdedtUpetepqeUdaaeUeaqau
There is.
Actually, I found it so far, but it took me a while to notice it next time. I got lost because I considered only the upper of the two lines.
For example, if the encoded character is "a", the original character is "a", "c", "i", "k". So, I thought that I would think about a combination of these, so I was searching sites where words appear in crossword puzzles, but all of them came off.
So, rethinking it again, I thought that the lower row might also have meaning, so I thought that there might be a lower row corresponding to "ctf4b", so I output the one containing the letter "c". I tried to.
$ strings ./mask | grep c
7-2c
libc.so.6
strcpy
__stack_chk_fail
__cxa_finalize
strcmp
__libc_start_main
c`b bk`kj`KbababcaKbacaKiacki
Correct! Submit your FLAG.
GCC: (Arch Linux 9.3.0-1) 9.3.0
init.c
crtstuff.c
deregister_tm_clones
completed.7393
mask.c
__libc_csu_fini
strcpy@@GLIBC_2.2.5
__stack_chk_fail@@GLIBC_2.4
__libc_start_main@@GLIBC_2.2.5
strcmp@@GLIBC_2.2.5
__libc_csu_init
__cxa_finalize@@GLIBC_2.2.5
.dynamic
.comment
In this, there is the string `` c
b bkkj
KbababcaKbacaKiacki.
ctf4bAppears when you give the mask
c`b b```Is included.
Since the number of characters is the same as the upper row, it can be seen that this is the encoded lower row.
atd4`qdedtUpetepqeUdaaeUeaqau
c`b bk`kj`KbababcaKbacaKiacki
At this point, all you have to do is find out from the alphabet what the letters in the combination of the upper and lower rows are.
For example, if you arrange only lowercase alphabets,
abcdefghijklmnopqrstuvwxyz
a`adede`a`adedepqpqtutupqp
abc`abchijkhijk`abc`abchij
Also, if the upper and lower rows are "ui", it is "}". If you look up one character at a time,
atd4`qdedtUpetepqeUdaaeUeaqau
c`b bk`kj`KbababcaKbacaKiacki
ctf?b{dont?reverse?face?mask}
Will be. ("?" Is a character that has not been found yet)
On the way, the combination "UK" comes out, but since the words make sense before and after this, I thought this was some kind of symbol, so I tried encoding "_" with mask for the time being.
$ ./mask _
Putting on masks...
U
K
Wrong FLAG. Try again.
I had a clear idea. Also, if you encode the numbers with mask,
$ ./mask 1234567890
Putting on masks...
1014545010
!"# !"#()
Wrong FLAG. Try again.
All combinations were found.
flag is `` ctf4b {dont_reverse_face_mask}
`
$ ./mask ctf4b{dont_reverse_face_mask}
Putting on masks...
atd4`qdedtUpetepqeUdaaeUeaqau
c`b bk`kj`KbababcaKbacaKiacki
Correct! Submit your FLAG.
that's all